I am trying to understand what is Authorization Management System (ttams) module which was added in Baan 5 and how it relates to user security. For example I see that there is a new set of fields in the tttaad200000 table:

t_crol_2 t_crol_3 t_crol_4 t_crol_5 t_crol_6

that lists "roles" that are assigned to users and it looks like these roles are defined in the tttams200000 table.

How do these link or further restrict the t_role assigned to users in the ttgbrg820xxx tables. DemFlows are used at this instance.

The ones in ttaad200 and ttams tables are related to session authorizations. The ones in tgbrg are related to DEM roles.

One tells you what sessions you can execute while the other one determines which sessions you'll see in your menu or dem flowchart.

It does make sense that they match and they are called the same to simplify user administration. However technically they could be completely different. Maybe some one more experienced with DEM can confirm this but there might even be a way to generate authorization roles based on DEM roles.

This is just a thought: Maybe it'll help if you try to understand this from the application perspective before going down to the table level.

As this is done as part of the audit I don't have access to the application and usually request a dump of tables from the client. So which tables do I need to look at in order for me to see what sessions a user has access to if the are restricted by some role in AMS

I am inclined to say if you had access to the session, ttams2400m000 it is easier to interpret the authorization settings and gather all the information than trying to interpret the authorization set for user (if they are linked to multiple roles or if they are company-based or package, module based settings etc).